Adding Users

Click the icon in the Add User column next to the application that
was created in the previous steps.

This will initiate a wizard. As a first step, select a name for
the user. This doesn't need to map to the username used by the service
provider but will only be used inside the Management Console.

In the next screen there is an authorization link that must be
clicked.

Clicking the link will take you to the service provider's website.
At Twitter, this looks as follows:

Enter the username and password and click Authorize
app. The service provider now forwards us to the callback URL and if the
authorization was successful, you should see this page:

Close the browser tab and return to the
Management Console. Click Next in the wizard and you will see the access
tokens that can be used for accessing the service provider on the user's
behalf. They have been securely stored in the Management Console's key
store and can now be used as input to schedules. However, because we
will need some sample access tokens as test input for the robot that we
will build in a later step, copy the values into a text editor such as
Notepad. For security reasons, you will not be able to retrieve them
from the key store in unencrypted form after having clicked Finish.

At Twitter, we get both an access token and an access
token secret. Service providers that use OAuth 2.0 do not use an access
token secret, so they will only return an access token. Some service
providers will additionally return a refresh token. This is used when
the access tokens returned by the service provider are only short-lived.
Robots can then use the refresh token to obtain new access tokens
without a user having to re-authorize through the Management Console. To
create robots against the API of a service provider, one must copy all
of the tokens displayed at the final step of the wizard.

After clicking Finish, we should now see a user in the Users
section of the OAuth tab.

Note that if you later edit the user, the access token,
access token secret and refresh token will be displayed as "(encrypted)"
for security reasons. To change any of these, simply replace this value
in the input field with the value; otherwise, leave as-is when editing a
user.

Next, we will show how to write a robot that accesses an API that
uses OAuth.